[FFmpeg-devel] libavcodec/als: remove check for predictor order of a block
Ronald S. Bultje
rsbultje at gmail.com
Sat Oct 14 17:32:17 EEST 2017
Hi Umair,
On Sat, Oct 14, 2017 at 9:59 AM, Umair Khan <omerjerk at gmail.com> wrote:
> I tested the file which Michael sent. The thing is that I'm getting
> error in decoding that file in both the cases, with or without the
> patch. I will begin debugging this issue, however I think the file
> which Michael sent has got nothing to do with the patch in this
> thread.
>
I don't think the file is meant to be decoded correctly, it's a specially
crafted file to demonstrate that certain codepaths (triggered by files such
as this) can be used to trigger unwanted behaviour (overreads, overwrites,
etc.). Eventually, combinations of such files can be used to break into
your system with specially crafted media files (yes, really).
Your patch introduces such a security issue (since it's triggered by the
file after, but not before the patch). This must be fixed before the patch
can be committed.
Ronald
More information about the ffmpeg-devel
mailing list